virustotal_api 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ef4844e6f5a7e7be0cf7ed1aa7c7f25027bc5522
+  data.tar.gz: 34c4dcb450256151376eb1486ca2b9fed3a9a3be
+SHA512:
+  metadata.gz: 2bb1845d91af6c8ed7fef6055ec3514aa86427d6e751877b5c3ac4630430b17beb1dc9138c8a5d3d71c33ef503a0da056f558fbe97605f0fd621cb09d585ab0d
+  data.tar.gz: 2b73096b9aefc1aee739fb1bfb243f508a9e5b79118352dc34800c959ce1bb4ada3db7cfa2a8adccc834f65676c042ea4dfb1e5245adf480016d7212819e935c

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rubocop.yml

@@ -0,0 +1,27 @@
+# This is the configuration used to check the rubocop source code.
+
+AllCops:
+  Exclude:
+    - 'test/fixtures/*'
+
+Style/StringLiterals:
+  Enabled: true
+
+Style/UnneededPercentQ:
+  Enabled: true
+
+Style/HashSyntax:
+  EnforcedStyle: hash_rockets
+
+# Disabled Checks
+Style/Documentation:
+  Enabled: false
+
+Style/PercentLiteralDelimiters:
+  Enabled: false
+
+Style/RegexpLiteral:
+  Enabled: false
+
+Style/BracesAroundHashParameters:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,11 @@
+sudo: false
+cache: bundler
+language: ruby
+rvm:
+  - 2.1
+before_install: gem update --remote bundler
+install:
+  - bundle install --retry=3
+script:
+  - bundle exec rake test
+  - bundle exec rake rubocop

data/Gemfile

@@ -0,0 +1,5 @@
+# encoding: utf-8
+
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 pwelch
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,144 @@
+# VirustotalAPI
+
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+
+[![Build Status](https://secure.travis-ci.org/pwelch/virustotal_api.svg)](http://travis-ci.org/pwelch/virustotal_api)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'virustotal_api'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install virustotal_api
+
+## Usage
+
+### File Report
+
+```ruby
+require 'virustotal_api'
+
+sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+api_key = 'MY_API_KEY'
+
+vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+
+# Does the resource have any results?
+vtreport.exists?
+# => true
+
+# URL for File Report (if it exists)
+vtreport.report_url
+# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+
+# Report results (if they exist) are available via #report
+vtreport.report["scans"]["ClamAV"]
+# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+```
+
+### File Scan
+
+```ruby
+require 'virustotal_api'
+
+file    = '/path/to/file'
+api_key = 'MY_API_KEY'
+
+vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+
+# Scan ID of file
+vtscan.scan_id
+# => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
+
+# Response results are available via #response
+vtreport.response
+# =>
+{
+  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
+  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
+  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+  "response_code"=>1,
+  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
+  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
+  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
+}
+```
+
+### URL Report
+
+```ruby
+require 'virustotal_api'
+
+url     = 'http://www.google.com'
+api_key = 'MY_API_KEY'
+
+vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+
+# Does the resource have any results?
+vturl_report.exists?
+# => true
+
+# URL for Report (if it exists)
+vturl_report.report_url
+# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+
+# Report results (if they exist) are available via #report
+vturl_report.report["scans"]["Opera"]
+# => {"detected"=>false, "result"=>"clean site"}
+```
+
+### IP Report
+
+```ruby
+require 'virustotal_api'
+
+ip      = '8.8.8.8'
+api_key = 'MY_API_KEY'
+
+vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+
+# Does the resource have any results?
+vtip_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtip_report.report
+# => Hash of report results
+```
+
+### Domain Report
+
+```ruby
+require 'virustotal_api'
+
+domain  = 'virustotal.com'
+api_key = 'MY_API_KEY'
+
+vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+
+# Does the resource have any results?
+vtdomain_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtdomain_report.report
+# => Hash of report results
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/pwelch/virustotal_api/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,24 @@
+# encoding: utf-8
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require 'rubocop/rake_task'
+
+Rake::TestTask.new do |t|
+  t.libs       = ['lib']
+  t.warning    = true
+  t.verbose    = true
+  t.test_files = FileList['test/*_test.rb']
+end
+
+RuboCop::RakeTask.new
+
+require 'yard'
+YARD::Rake::YardocTask.new
+namespace :yard do
+  desc 'Run the YARD server'
+  task :start do
+    sh 'bundle exec yard server --reload'
+  end
+end
+
+task :default => :test

data/lib/virustotal_api.rb

@@ -0,0 +1,8 @@
+# encoding: utf-8
+require 'virustotal_api/domain_report'
+require 'virustotal_api/file_report'
+require 'virustotal_api/file_scan'
+require 'virustotal_api/ip_report'
+require 'virustotal_api/url_report'
+require 'virustotal_api/uri'
+require 'virustotal_api/version'

data/lib/virustotal_api/base.rb

@@ -0,0 +1,24 @@
+require 'rest-client'
+require 'json'
+
+module VirustotalAPI
+  class Base
+    # @return [String] string of API URI class method
+    def self.api_uri
+      VirustotalAPI::URI
+    end
+
+    # @return [String] string of API URI instance method
+    def api_uri
+      self.class.api_uri
+    end
+
+    # @return [Boolean] if report for resource exists
+    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
+    def exists?
+      response_code = report.fetch('response_code') { nil }
+
+      response_code == 1 ? true : false
+    end
+  end
+end

data/lib/virustotal_api/domain_report.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+require_relative 'base'
+
+module VirustotalAPI
+  class DomainReport < Base
+    attr_reader :report
+
+    def initialize(report)
+      @report = report
+    end
+
+    # @param [String] domain
+    # @param [String] api_key for virustotal
+    # @return [VirustotalAPI::IPReport] Report Search Result
+    def self.find(domain, api_key)
+      response = RestClient.get(
+        api_uri + '/domain/report',
+        { :params => params(domain, api_key) }
+      )
+      report = JSON.parse(response.body)
+
+      new(report)
+    end
+
+    # @param [String] domain
+    # @param [String] api_key virustotal
+    # @return [Hash] params for GET Request
+    def self.params(domain, api_key)
+      {
+        :domain => domain,
+        :apikey => api_key
+      }
+    end
+  end
+end

data/lib/virustotal_api/file_report.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+require_relative 'base'
+
+module VirustotalAPI
+  class FileReport < Base
+    attr_reader :report, :report_url
+
+    def initialize(report)
+      @report     = report
+      @report_url = report.fetch('permalink') { nil }
+    end
+
+    # @param [String] resource file as a md5/sha1/sha256 hash
+    # @param [String] api_key for virustotal
+    # @return [VirustotalAPI::FileReport] Report Search Result
+    def self.find(resource, api_key)
+      response = RestClient.post(
+        api_uri + '/file/report',
+        params(resource, api_key)
+      )
+      report = JSON.parse(response.body)
+
+      new(report)
+    end
+
+    # @param [String] resource file as a md5/sha1/sha256 hash
+    # @param [String] api_key for virustotal
+    # @return [Hash] params for POST Request
+    def self.params(resource, api_key)
+      {
+        :resource => resource,
+        :apikey   => api_key
+      }
+    end
+  end
+end

data/lib/virustotal_api/file_scan.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+require_relative 'base'
+
+module VirustotalAPI
+  class FileScan < Base
+    attr_reader :response, :scan_id
+
+    def initialize(response)
+      @response = JSON.parse(response)
+      @scan_id  = @response.fetch('scan_id') { nil }
+    end
+
+    # @param [String] file_path for file to be sent for scan
+    # @param [String] api_key for virustotal
+    # @param [Hash] opts hash for additional options
+    # @return [VirusotalAPIFileScan] Reponse
+    def self.scan(file_path, api_key, opts = {})
+      response = RestClient.post(
+        api_uri + '/file/scan',
+        :apikey   => api_key,
+        :filename => opts.fetch('filename') { File.basename(file_path) },
+        :file     => File.open(file_path, 'r')
+      )
+
+      new(response)
+    end
+
+    # @return [Boolean] if file was queued
+    # 0 => not_present, 1 => exists, -2 => queued_for_analysis
+    def queued_for_analysis?
+      response_code = report.fetch('response_code') { nil }
+
+      response_code == -2 ? true : false
+    end
+  end
+end

data/lib/virustotal_api/ip_report.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+require_relative 'base'
+
+module VirustotalAPI
+  class IPReport < Base
+    attr_reader :report
+
+    def initialize(report)
+      @report = report
+    end
+
+    # @param [String] ip address IPv4 format
+    # @param [String] api_key for virustotal
+    # @return [VirustotalAPI::IPReport] Report Search Result
+    def self.find(ip, api_key)
+      response = RestClient.get(
+        api_uri + '/ip-address/report',
+        { :params => params(ip, api_key) }
+      )
+      report = JSON.parse(response.body)
+
+      new(report)
+    end
+
+    # @param [String] ip address IPv4 format
+    # @param [String] api_key for virustotal
+    # @return [Hash] params for GET Request
+    def self.params(ip, api_key)
+      {
+        :ip     => ip,
+        :apikey => api_key
+      }
+    end
+  end
+end